I have a problem connecting my Cisco phone with SIP firmware to Asterisk. It registers successfully and can make outgoing calls, but incoming calls are not being signaled. I am using chan_pjsip on Asterisk. In pjsip.conf, I have already set rewrite_contact=yes and force_rport=yes in the endpoint configuration for the Cisco phone. I am unsure if this is a NAT issue. My setup is as follows:
-- Executing [1005@outgoing:1] Dial("PJSIP/1002-00000000", "PJSIP/1005") in new stack
-- Called PJSIP/1005
== Everyone is busy/congested at this time (1:0/0/1)
-- Auto fallthrough, channel 'PJSIP/1002-00000000' status is 'CHANUNAVAIL'
CLI>
I should mention that everything works when using the multiplatform firmware on the phone. I am currently not using any Asterisk patches and am running version 22.1.1.
Which IP should I set for the contact parameter?
I have tried the following:
pjsip.conf:
[tcp]
type=transport
protocol=tcp
bind=0.0.0.0:4849
tcp_keepalive_enable=yes ; Enable TCP keepalive (yes/no)
tcp_keepalive_idle_time=30 ; Time in seconds the connection needs to remain idle before TCP starts sending keepalive probes
tcp_keepalive_interval_time=10 ; The time in seconds between individual keepalive probes
tcp_keepalive_probe_count=5 ; The maximum number of keepalive probes TCP should send before dropping the connection
[1005]
type=aor
contact=sip:1005@10.0.2.0:4849 <— I am unsure about the IP here or whether a contact needs to be set at all.
max_contacts=1
qualify_frequency=30
remove_existing=yes
I also tried using the IP 192.168.178.32 in the contact address, but that doesn’t work either.
Any guidance on this would be greatly appreciated.
As far as I can recall, the older Cisco firmware will not work in environments where these are necessary, and in fact is broken when these are used redundantly. If the Cisco is behind NAT, I think you must use the the multiprotocol firmware. If it is on the same network as Asterisk, I think you may have to explicitly disable rport.
If you know the contact address, it doesn’t need to register, in which case you don’t need max_contacts (and remove_existing). It is probably safest to assume that something like that does expect to register, and drop contact.
When I use Asterisk locally, it works. The phone can then receive incoming calls.
However, when I try to connect the phone to the remote Asterisk, the phone cannot receive calls. It must definitely have something to do with the contact address. I checked the firewall settings on the Asterisk server, and I don’t see any blocks. I am not sure if it is related to IPSec. In any case, I can reach my softphone (10.0.0.3) from the phone, which is also connected to Asterisk via VPN (but using WireGuard /10.0.0.1). The only issue is that the softphone cannot reach the Cisco phone.
As mentioned before, I can receive incoming calls with the multiplatform firmware. There must be a way to reach the phone. Do I even need to use NAT if the phone is connected to the Asterisk server via VPN? But to clarify, when I mention VPN, I don’t mean Cisco VPN—rather, the VPN is installed on the router, and the Cisco phone is routed to the remote Asterisk server via firewall policy through the VPN tunnel! I’m feeling a bit helpless because I don’t know if it’s a NAT problem or if an Asterisk patch would fix the issue. As long as I’m unsure whether the issue is related to that, I won’t apply the patch, because I want to keep my installation as clean as possible! Has there been a known issue in this area?
You also mentioned that it might be related to the firmware; however, I have tried both SIP firmware versions 12.8.1 and 14.3.1, and there is no change!
EDIT:
I have solved the problem. I had to set the following in pjsip.conf in the endpoint section:
Fascinating. I’ve got a Cisco 7940 registered on chan_pjsip in the exact same sort of network configuration, running SIP “enterprise” firmware and I have all 3 of those parameters set to “yes” with no problems. I wonder if there is a difference with the Multiplatform firmware and the Enterprise firmware with these phones? (I realize the 7940 is loads different than the 8811 but I happen to have several 3PCC x8xx model Cisco phones, I’ll have to test them in this configuration)
It may be that our VPN setup is different. On my router, the local IP for the VPN is set to 192.168.178.0, and the remote server recognizes 192.168.178.0. When I set the parameter to “yes,” the contact shows 192.168.178.0 instead of the local IP 192.168.178.32 of the Cisco phone. However, I can only ping the VPN IP through the server, not the IP of the Cisco phone.
You’re doing endpoint network address translation, this is the default config for a lot of openvpn configs out there because it’s easy, the client does not need to push the remote subnets, routing doesn’t need to be setup, etc.